LVS
lvs-users
Google
 
Web LinuxVirtualServer.org

Re: [lvs-users] tftp service and firewall mark

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: Re: [lvs-users] tftp service and firewall mark
From: Nicolas Haller <nicolas.haller@xxxxxxxxxxxxx>
Date: Mon, 28 Sep 2009 14:13:42 +0200
On Mon, Sep 28, 2009 at 12:38:28PM +0100, Graeme Fowler wrote:
> On Mon, 2009-09-28 at 12:10 +0200, Nicolas Haller wrote:
> <snip>

> Firstly it would be really, really helpful in your posts if you use the
> "-n" option to both ipvsadm and iptables. That saves us all having to a
> host lookup to decipher the output your provide :)

Ho yes for sure, I don't realize this, sorry.

> > So, when I test, lvs said:
> > 
> > Sep 28 11:55:05 balancoire-1v kernel: [1121193.129497] IPVS: lookup/in UDP 
> > 213.251.170.39:52249->194.79.128.129:69 not hit
> > Sep 28 11:55:05 balancoire-1v kernel: [1121193.129514] IPVS: lookup/out UDP 
> > 213.251.170.39:52249->194.79.128.129:69 not hit
> > Sep 28 11:55:05 balancoire-1v kernel: [1121193.129529] IPVS: lookup 
> > service: fwm 1 UDP 194.79.128.129:69 hit
> > Sep 28 11:55:05 balancoire-1v kernel: [1121193.129545] IPVS: p-schedule: 
> > src 213.251.170.39:52249 dest 194.79.128.129:69 mnet 213.251.170.39
> > Sep 28 11:55:05 balancoire-1v kernel: [1121193.129561] IPVS: template 
> > lookup/in IP 213.251.170.39:0->0.0.0.1:0 not hit

> So it sees the fwmark, checks to see if there's an existing persistence
> template (there isn't) and then... there should be more to this log.

I don't know what you want but I see no more reference to my test
(194.79.128.129:69) or to the mark (0.0.0.1:0).
I don't see lines like:
Sep 28 13:57:18 balancoire-1v kernel: [1128526.284687] IPVS: 
ip_vs_wlc_schedule(): Scheduling...
Sep 28 13:57:18 balancoire-1v kernel: [1128526.284700] IPVS: WLC: server 
62.4.17.17:80 activeconns 65 refcnt 540 weight 1 overhead 16986
Sep 28 13:57:18 balancoire-1v kernel: [1128526.284724] IPVS: Bind-dest TCP 
c:92.106.20.8:0 v:194.79.128.128:80 d:62.4.17.17:80 fwd:T s:0 conn->flags:1182 
conn->refcnt:1 dest->refcnt:541
Sep 28 13:57:18 balancoire-1v kernel: [1128526.284748] IPVS: Bind-dest TCP 
c:92.106.20.8:51443 v:194.79.128.128:80 d:62.4.17.17:80 fwd:T s:0 
conn->flags:182 conn->refcnt:1 dest->refcnt:542
Sep 28 13:57:18 balancoire-1v kernel: [1128526.284765] IPVS: ADDing control 
for: cp.dst=92.106.20.8:51443 ctl_cp.dst=92.106.20.8:0

These line appears for a tcp service which works well (and not use fwm).

> > So, lvs see the mark and the packet but it don't send the packet into ip-ip
> > tunnel and the director send an ICMP udp port unreachable back to the 
> > client.

> If the log for that connection really did stop there, something is
> *very* wrong indeed. I would expect at the very least to see the next
> line/lines determining which realserver (hence which tunnel) the
> connection is sent to.

The problem is lvs seems to don't take any decision. It see marks, it know
there is a service here but it don't select a realserver and don't send any
packets to it.

> It might also help you if your weights are set to something other than 1
> (say 100). Also I note that only one of your realservers appears to be
> functioning (which should greatly simplify the debugging!).

I try with a weight of 100, results is the same.

Thanks,

-- 
Nicolas Haller

_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users

<Prev in Thread] Current Thread [Next in Thread>